Revision #77: Firewall Management

mobieusKnow Firewall Management History #77

Author

system

Submitted

May 30, 2026 5:38am

Reviewed

May 30, 2026 5:38am

Summary

v3 redesign: ipt-* CSS, stat strip, filter chips, themed confirm modals

+ ## Firewall Management

− ## Firewall Viewer

+ `/admin/iptables` is your interface to the platform's firewall. View active rules, block bad actors, whitelist trusted IPs, and review attack patterns. Designed mobile-first so you can ban an IP from your phone.

− `/admin/iptables` shows the live firewall ruleset for your tenant. It is a read-only view: you can see exactly which addresses are currently blocked at the network level and why. To add or remove a block, use the IP Bans page (see below).

+ For automatic banning rules and broader security tooling, see [IP Bans & Security](/know/ip-bans-and-security).

− For managing bans and whitelists, see [IP Bans & Security](/know/ip-bans-and-security).

---

## Page anatomy

+ The v3 redesign organizes the page into 4 zones:

− The page has three zones:

+ | Zone | What it does |

− | Zone | What it shows |

|---|---|

+ | Stat strip | Live counts: active bans, whitelists, 24h ban rate, fail2ban jail size |

+ | Filter chips | One-click filters by type (ban, whitelist, jail) and source (manual, fail2ban, modsec) |

+ | Sticky-header table | Every active rule. Header stays visible as you scroll |

+ | Action drawer | Add a ban, add a whitelist, edit an entry |

− | Stat strip | Live counts: active blocks, whitelisted addresses, recent activity |

− | Filter chips | One-click filters by type and source |

− | Table | Every active firewall rule, with a sticky header as you scroll |

+ The CSS uses an `ipt-*` namespace and semantic theme tokens, so it looks correct on both light and dark themes.

− The page looks correct on both light and dark themes.

---

## Stat strip

+ Shows 4 live counters:

− A row of live counters:

+ - **Active bans.** IPs currently blocked.

+ - **Whitelisted.** IPs that fail2ban will never block.

+ - **24h ban rate.** How many new bans landed in the last 24 hours.

+ - **Jail size.** Current fail2ban jail population.

− - **Active blocks.** Addresses currently blocked.

− - **Whitelisted.** Addresses that are never auto-blocked.

− - **Recent activity.** New blocks added in the last 24 hours.

Each counter clicks through to a filtered view of the table.

---

## Filter chips

+ One row of chips below the stat strip. Click a chip to filter the table. Click again to unfilter. Multiple chips stack.

− A row of chips below the stat strip. Click a chip to filter the table; click again to clear. Multiple chips stack.

+ - **Type:** Ban, Whitelist, Jail

+ - **Source:** Manual, fail2ban, ModSec

− - **Type:** Block, Whitelist

− - **Source:** Manual or automatic

- **Age:** Last hour, Last 24h, Last 7d, All time

The filter is reflected in the URL, so you can share a filtered view.

---

## Table

A single sticky-header table. Columns:

| Column | Notes |

|---|---|

+ | IP | Click to copy via App.toast notification |

+ | CIDR | If the entry is a range, the CIDR mask |

+ | Type | Ban or Whitelist |

+ | Source | Manual, fail2ban, ModSec |

+ | Reason | Free text or rule ID |

− | IP | Click to copy |

− | CIDR | If the entry is a range, the network mask |

− | Type | Block or Whitelist |

− | Source | Manual or automatic |

− | Reason | Free text or rule reference |

| Added | Time ago, full timestamp on hover |

+ | Expires | When the ban auto-lifts (blank for permanent) |

+ | Actions | Unban, edit reason, copy |

− | Expires | When the block auto-lifts (blank for permanent) |

Click any column header to sort.

---

+ ## Adding a ban

− ## Adding and removing blocks

+ Click **Add ban** in the toolbar. Fill 3 fields:

− Adding a block, adding a whitelist, and lifting a block all happen on the **IP Bans** page, not here. This viewer is read-only by design, so a glance at the firewall can never change it. Open [IP Bans & Security](/know/ip-bans-and-security) to make changes.

+ - **IP or CIDR.** Single IP or range. Example: `203.0.113.5` or `203.0.113.0/24`.

+ - **Reason.** Free text. Will show in audit log.

+ - **Duration.** Permanent, 1 hour, 24 hours, 7 days, 30 days.

− ---

+ Save. The ban is live within seconds.

− ## How current the view is

+ ---

− The view can be up to about a minute behind the live ruleset. If you just added or lifted a block on the IP Bans page and don't see it reflected here yet, give it a minute or refresh.

+ ## Adding a whitelist

− If the view shows a stale-data warning that persists for more than a few minutes, open a ticket with [[email protected]](mailto:[email protected]) and we'll look into it.

+ Same flow. Click **Add whitelist**, fill the fields, save. Whitelisted IPs are never auto-banned by fail2ban or ModSec.

− ---

+ Use whitelists for:

− ## Blocks you did not add

+ - Your office IP (so a typo doesn't lock you out)

+ - A shared VPN that other admins use

+ - Trusted monitoring services (Pingdom, UptimeRobot)

− Some addresses are blocked automatically when they show clear signs of abuse, such as brute-force login attempts or known attack patterns. These appear in the table with their **Source** set to automatic and a short reason.

−

− If you think an automatic block caught a real member by mistake, lift it and add a whitelist for their address on the IP Bans page. Whitelisted addresses are never auto-blocked.

---

+ ## Destructive actions confirm safely

− ## Mobile

+ The redesign replaces native browser `confirm()` dialogs with themed modal dialogs. Click **Unban** and a Mobieus-styled modal asks you to confirm. Click outside to cancel.

− The page is fully responsive. On narrow screens the stat strip stacks, the filter chips wrap, and the table switches to a card layout with key fields stacked.

+ This means:

− ---

+ - Confirmation dialogs match your theme (light or dark)

+ - Mobile users see a properly sized modal instead of a tiny browser prompt

+ - Screen readers announce the action clearly

− ## Access

−

− Requires the Tenant Super Admin role. This page is view-only.

---

+ ## Mobile

− ## Common scenarios

+ The page is fully responsive. On narrow screens:

− **"I accidentally blocked my own address and now I cannot log in."**

+ - Stat strip stacks vertically

+ - Filter chips wrap to multiple rows

+ - Table switches to card layout with key fields stacked

+ - Action drawer slides up from the bottom

− Get back in from a different network (cell data or a VPN), open the IP Bans page, find your address, and lift the block. If you have no second device, email [email protected] with the timestamp of when you locked yourself out, and we can clear it.

+ ---

− **"I see a block I do not understand."**

+ ## Access

− Check the **Source** and **Reason** columns. If the source is automatic, the address matched an abuse pattern. You can lift it from the IP Bans page without needing to know the original trigger. Worth flagging recurring patterns to support so we can tune them.

+ Requires Tenant Admin role or higher. Tenant Super Mods can view but not edit.

− **"I need to block a whole range."**

−

− Use CIDR notation on the IP Bans page. For example, `198.51.100.0/24` covers all 256 addresses in that range. Very broad ranges are clamped to avoid accidentally blocking a large provider's whole address space.

---

+ ## Audit trail

− ## When to escalate

+ Every ban, whitelist, edit, and unban writes to the audit log. View the trail at `/admin/audit-log` filtered to firewall events.

− Open a ticket with [[email protected]](mailto:[email protected]) if:

−

− - The stale-data warning stays up for more than 10 minutes

− - An address you lifted is still being blocked after a couple of minutes

− - You're seeing a surge of automatic blocks during a busy event and the traffic looks legitimate

−

− Support can tune the automatic block thresholds and clear stuck states for you.

Firewall Management

/admin/iptables is your interface to the platform's firewall. View active rules, block bad actors, whitelist trusted IPs, and review attack patterns. Designed mobile-first so you can ban an IP from your phone.

For automatic banning rules and broader security tooling, see IP Bans & Security.

Page anatomy

The v3 redesign organizes the page into 4 zones:

Zone	What it does
Stat strip	Live counts: active bans, whitelists, 24h ban rate, fail2ban jail size
Filter chips	One-click filters by type (ban, whitelist, jail) and source (manual, fail2ban, modsec)
Sticky-header table	Every active rule. Header stays visible as you scroll
Action drawer	Add a ban, add a whitelist, edit an entry

The CSS uses an ipt-* namespace and semantic theme tokens, so it looks correct on both light and dark themes.

Stat strip

Shows 4 live counters:

Active bans. IPs currently blocked.
Whitelisted. IPs that fail2ban will never block.
24h ban rate. How many new bans landed in the last 24 hours.
Jail size. Current fail2ban jail population.

Each counter clicks through to a filtered view of the table.

Filter chips

One row of chips below the stat strip. Click a chip to filter the table. Click again to unfilter. Multiple chips stack.

Type: Ban, Whitelist, Jail
Source: Manual, fail2ban, ModSec
Age: Last hour, Last 24h, Last 7d, All time

The filter is reflected in the URL, so you can share a filtered view.

Table

A single sticky-header table. Columns:

Column	Notes
IP	Click to copy via App.toast notification
CIDR	If the entry is a range, the CIDR mask
Type	Ban or Whitelist
Source	Manual, fail2ban, ModSec
Reason	Free text or rule ID
Added	Time ago, full timestamp on hover
Expires	When the ban auto-lifts (blank for permanent)
Actions	Unban, edit reason, copy

Click any column header to sort.

Adding a ban

Click Add ban in the toolbar. Fill 3 fields:

IP or CIDR. Single IP or range. Example: 203.0.113.5 or 203.0.113.0/24.
Reason. Free text. Will show in audit log.
Duration. Permanent, 1 hour, 24 hours, 7 days, 30 days.

Save. The ban is live within seconds.

Adding a whitelist

Same flow. Click Add whitelist, fill the fields, save. Whitelisted IPs are never auto-banned by fail2ban or ModSec.

Use whitelists for:

Your office IP (so a typo doesn't lock you out)
A shared VPN that other admins use
Trusted monitoring services (Pingdom, UptimeRobot)

Destructive actions confirm safely

The redesign replaces native browser confirm() dialogs with themed modal dialogs. Click Unban and a Mobieus-styled modal asks you to confirm. Click outside to cancel.

This means:

Confirmation dialogs match your theme (light or dark)
Mobile users see a properly sized modal instead of a tiny browser prompt
Screen readers announce the action clearly

Mobile

The page is fully responsive. On narrow screens:

Stat strip stacks vertically
Filter chips wrap to multiple rows
Table switches to card layout with key fields stacked
Action drawer slides up from the bottom

Access

Requires Tenant Admin role or higher. Tenant Super Mods can view but not edit.

Audit trail

Every ban, whitelist, edit, and unban writes to the audit log. View the trail at /admin/audit-log filtered to firewall events.

## Firewall Management

`/admin/iptables` is your interface to the platform's firewall. View active rules, block bad actors, whitelist trusted IPs, and review attack patterns. Designed mobile-first so you can ban an IP from your phone.

For automatic banning rules and broader security tooling, see [IP Bans & Security](/know/ip-bans-and-security).

---

## Page anatomy

The v3 redesign organizes the page into 4 zones:

| Zone | What it does |
|---|---|
| Stat strip | Live counts: active bans, whitelists, 24h ban rate, fail2ban jail size |
| Filter chips | One-click filters by type (ban, whitelist, jail) and source (manual, fail2ban, modsec) |
| Sticky-header table | Every active rule. Header stays visible as you scroll |
| Action drawer | Add a ban, add a whitelist, edit an entry |

The CSS uses an `ipt-*` namespace and semantic theme tokens, so it looks correct on both light and dark themes.

---

## Stat strip

Shows 4 live counters:

- **Active bans.** IPs currently blocked.
- **Whitelisted.** IPs that fail2ban will never block.
- **24h ban rate.** How many new bans landed in the last 24 hours.
- **Jail size.** Current fail2ban jail population.

Each counter clicks through to a filtered view of the table.

---

## Filter chips

One row of chips below the stat strip. Click a chip to filter the table. Click again to unfilter. Multiple chips stack.

- **Type:** Ban, Whitelist, Jail
- **Source:** Manual, fail2ban, ModSec
- **Age:** Last hour, Last 24h, Last 7d, All time

The filter is reflected in the URL, so you can share a filtered view.

---

## Table

A single sticky-header table. Columns:

| Column | Notes |
|---|---|
| IP | Click to copy via App.toast notification |
| CIDR | If the entry is a range, the CIDR mask |
| Type | Ban or Whitelist |
| Source | Manual, fail2ban, ModSec |
| Reason | Free text or rule ID |
| Added | Time ago, full timestamp on hover |
| Expires | When the ban auto-lifts (blank for permanent) |
| Actions | Unban, edit reason, copy |

Click any column header to sort.

---

## Adding a ban

Click **Add ban** in the toolbar. Fill 3 fields:

- **IP or CIDR.** Single IP or range. Example: `203.0.113.5` or `203.0.113.0/24`.
- **Reason.** Free text. Will show in audit log.
- **Duration.** Permanent, 1 hour, 24 hours, 7 days, 30 days.

Save. The ban is live within seconds.

---

## Adding a whitelist

Same flow. Click **Add whitelist**, fill the fields, save. Whitelisted IPs are never auto-banned by fail2ban or ModSec.

Use whitelists for:

- Your office IP (so a typo doesn't lock you out)
- A shared VPN that other admins use
- Trusted monitoring services (Pingdom, UptimeRobot)

---

## Destructive actions confirm safely

The redesign replaces native browser `confirm()` dialogs with themed modal dialogs. Click **Unban** and a Mobieus-styled modal asks you to confirm. Click outside to cancel.

This means:

- Confirmation dialogs match your theme (light or dark)
- Mobile users see a properly sized modal instead of a tiny browser prompt
- Screen readers announce the action clearly

---

## Mobile

The page is fully responsive. On narrow screens:

- Stat strip stacks vertically
- Filter chips wrap to multiple rows
- Table switches to card layout with key fields stacked
- Action drawer slides up from the bottom

---

## Access

Requires Tenant Admin role or higher. Tenant Super Mods can view but not edit.

---

## Audit trail

Every ban, whitelist, edit, and unban writes to the audit log. View the trail at `/admin/audit-log` filtered to firewall events.